052f031ce3e09e967c021213aa028585c5157c3724bf1ed36eed488b435585da

Analysis

max time kernel
40s
max time network
177s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
08-07-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

base.apk
Size

2.8MB
MD5

bc03807f90300ed384aa3fbe462b5819
SHA1

d7654d4cd34105c704288b378d3ad708f0a0872d
SHA256

052f031ce3e09e967c021213aa028585c5157c3724bf1ed36eed488b435585da
SHA512

6b7c5d1b3d6d134dd96bb59665abca96a65ad6a2edc0c301c574ec1cba1ebecf4602395a97c629655772f58ebe22bc7cf0266cf71738f6da6a4a8552097a4ad9
SSDEEP

49152:7PSe9096pV6rX+Q1VpBaHoIkoo59X9SABZ+nm98mFBXAwtWk0ESkbU25q:7qe9b2rX+QFMIIkh9tSABAngW6rq

Score

7^/10

collection credential_access discovery impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

X.God.X

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener X.God.X
Acquires the wake lock 1 IoCs

Processes:

X.God.X

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock X.God.X
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

X.God.X

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo X.God.X
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

X.God.X

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone X.God.X
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

X.God.X

description ioc process

Framework service call android.app.IActivityManager.registerReceiver X.God.X
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

X.God.X

description ioc process

File opened for read /proc/meminfo X.God.X

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	X.God.X

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	X.God.X

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	X.God.X

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	X.God.X

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	X.God.X

description	ioc	process
File opened for read	/proc/meminfo	X.God.X

X.God.X
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4966

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
49125785233121d143cc277fa0eee48f

SHA1
2064eee4d6c1f2a34266e46d537baa138ebe2e51

SHA256
00901c3d9d79c39ffac4263806c8ce5762396cc8d792d1592474393cfdae4603

SHA512
23e992896be9171a4552d7d78f42f4d546f9dd099179f7b5753a0cb6c12f39e9718e8e6bf8af413d9700e33184d7f523ffda491bea86a1c1dff63ee6fa3dbbe0

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ed79aea2548329f3fefd4cee26e4403d

SHA1
8872fba4798a22e4aefabc2af0b38b521656adbe

SHA256
2129022a749f79f8e068a801eb0657de2e6bb26d1f3b817c1549db028e59df60

SHA512
62c23fa1bebb6a5cded7072242c75fef3952ad6bc32c04935413b06f33d394f152c6ec7a3547f31b9f4c54307a2a1ab6044fe6c6065486e1465a4166f2574033

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
39d87572052de60e849831939999671f

SHA1
1ca9cc6ad5fcad9b1bbf88077cf44f5ed65709cc

SHA256
80fe967902a4c8a6b394dcb6c883127801e2ed51eb63f7d6f5e53b9512abaf27

SHA512
a005481e3dee5e2e7263402682c790cf08072220b0908acff2ebf824d5acb054847af8f7af0df399d5fd35cf9d37164bb1e6c391894a2faff33233d354f2c338

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0b58e452a9451c06344efe1bba60c4fa

SHA1
3b72404cd11adff4b9e147e5b36a94143b38d45d

SHA256
e5d8cfe4a09b3b2b57297911b09f0fe73766b307fb12aeb9ff5a06e789e30961

SHA512
f9c4fc8bd9d24a3f93fc33fdc85ed910f5c65791434fa237e418f413d4812180d5fbc23363a0810107c74d96035bb5c275c7a088728db2a217e8fc7c2973c310

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
adf6082723784327d7d1b34adf974e7d

SHA1
b1502f70eb881a1dfe41139cb719fefb877ee37c

SHA256
252defb835b04f4af7c59bde7bd119664e901928f1373171a287897e729cb2a9

SHA512
762f146c452e590e0e3015a080e9821b5488551b9cca7a212ceb11a853ddf6b1894c99d09ba20e6691f5078aaa8e17a6ed66dbbe541eaee152978fab6884e27b

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ae1bd9a38f067a69be285597097b593c

SHA1
6e92ff8540ff4a1e044893ac2dac4dc86cc2c395

SHA256
3f1754c49e991e1e53a00329dfc97632f9ab7c21af702f05bf6e39011ec5b4b5

SHA512
6f28c0600270a060eeb9b4c1be33a4c337441ecaa4295b6398281f541fed21d07f908fd65bd62c85b32b6a58801654770b4dfcbbe4800fc4a480212c4810cd7d

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a9d3a288a41735d187923e04dd10c07a

SHA1
a652f3d33c155efd2099ccda6aa10cca36e891a7

SHA256
c9150974087685b25aa5433a91291ee529afc52148994bdf7c8d65871e2073ed

SHA512
47f0021d4dff134ac5fed0fd1b77a6ce471357207bf9ae5717b4da46bcc41c03ef7bd0048643a9c86ad73bba0ef3ebd1ed8143bb484c1da865c7d2c8ca988d76

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
06bbf682e341418410237253ce3e476a

SHA1
2a2064d58254b7d05d4720e84141aa8d2eea0ce4

SHA256
860cd1952e1f434d7e0b5056a32cff592f53d1ec1ce45194208edd75684fa8d6

SHA512
9cbc427e2ad97fa6b3a7006b483f0be4a5e19989559635eb08c1f6f4d97a2c28896781225705d151e59d0b297cc04380d3e5e7e9909c40b301415b8739f2f9bb

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7184ddb73504d6f69a74f4337003d708

SHA1
524e87cab70182c4a50588e8b8d3594bef6fef02

SHA256
125f613e704cf7d436df2a85dca68884459773bc9d17da6c5d0e48c02c649ed9

SHA512
27cab5ee98a6fe11a806a93c9e12c4bdce16d272056769209516a065c58f4cf1d47347440738385f8670bfbb8402da19fe3122d197bd00563869fde0dc05dbd8

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
472f13dda244c666ef535fc733be7299

SHA1
066e4d7b01df4ae6a8fd6048b8e0a3356ad9b207

SHA256
a16fc8044aec7a75ebf8b11b0b4dd9c2d15666559a2eb62e61ed5006b11e9d2f

SHA512
7d78db66565839bb9aac9a0546810643304d726673a72c1159b3d9fe9277a1c55ac741eb56d7ed4fd05d325f8a8516b6b57ed08a20ebe3c50acd18d82f1389ba

Download Submit
/data/data/X.God.X/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8e04be4c8c700abd4d40156868a739e9

SHA1
440ed9ae0fc58eb1180a811a79a14531148528f6

SHA256
4af38ecc8c9feb82727af1255b997b425f2e747b7874494d9bc680e6816aee11

SHA512
1007fe901ee3d22204f216e435b8c98f1886acba6c5e52192331f331326f08d617aeeb7d304a80122b3d681e4e26b47ba935a064bb48afc18a65bd568b69e9fb

Download Submit
/data/data/X.God.X/files/PersistedInstallation7055124883306481807tmp

Filesize
569B

MD5
b1b950ed372e49f65f2ed07a01b94c31

SHA1
5b212901d041126bbb4231eb0ae2ef7f04e65f7e

SHA256
7a1474586b243624dbca03e9951f8c7d4547695a19a34e4d67050781a23f1153

SHA512
bd65a8d1d88150a0fb81602966527bd741dd57a41c581293436d09179f9096a6c0705554b9f68700554bcdc0815a81c8e59f2265f63040215c113c9f869b93d3

Download Submit
/data/data/X.God.X/files/PersistedInstallation8331451693649446949tmp

Filesize
90B

MD5
05a8179149d4c8a2ac1df86da38155c0

SHA1
d5037e83dba31852feaf3571cb213b4cc40830a0

SHA256
2822202b230ba23a96e4833d5108f5bb7c3e1821db8d46aab8470373e4112c4a

SHA512
017d4fb2eaa6dd56e7b01b4fe37fe37cbf9261f1d57ed597e641b4e5ff2f0542526e7289262a787f191fe52c99ce679b73f73a5267db562a2ee4b0f11f1b7cc3

Download Submit